will see pregnancy.org.ua
I don't know how to answer this question! now the sites are working, that's good, but still I would like to understand how to do it right.
I don't want /recipe.org.ua/privkey.pem etc. to be used everywhere.
and perhaps the old directives were shorter and better.
maybe i should uninstall and reinstall again certbot.
Despite all the difficulties and imperfections, I am immensely grateful to you, as you helped me make my websites work. Thank you from me in Ukraine!
It looks like that site has a certificate for (probably) all hostnames known to your nginx. That's not a real problem. The only thing is all hostnames are visible in that single certificate.
It looks like you didn't select any specific hostname when Certbot asked for it, so it used all hostnames known to nginx and requested a certificate for all those hostnames.
That isn't necessary. While it might be some work, you can reinstall existing certificates (if still known to Certbot) by selecting specific hostnames. This can be done using the interactive menu in Certbot, but you can also select them on the command line, e.g.:
sudo certbot --nginx -d pregnancy.org.ua -d www.pregnancy.org.ua
That way Certbot will only use those specific hostnames and thus also only the server blocks in nginx specific to those hostnames. If Certbot already knows about an existing certificate, it would ask you to reinstall that cert, which is fine.
That said, it seems you now have overlapping certificates: multiple "single site" certificates and also a single "multi site" certificate. So you might need to specify a specific certificate name using --cert-name name-of-the-cert-here. You can find all the certificates and their name and included hostnames by running sudo certbot certificates.
#!/bin/bash
domains=("site1" "site2" "siteN" )
for domain in "${domains[@]}"
do
certbot --nginx -d "$domain" -d www."$domain"
done
chmod +x update_certificates.sh
sed -i 's/\r//' /etc/nginx/conf.d/update_certificates.sh
/etc/nginx/conf.d/update_certificates.sh
I'm not an Bash expert, but that might or might not work due to the lack of --cert-name as mentioned earlier. Maybe you're lucky and it just works. Maybe you're lucky and all the single site certificates are actually called "$domain"? Or if you're unlucky it's a mix of $domain and www.$domain 
Not sure what the "update" in that command means...
But once the certificates have been created, you only need to renew them - with:
certbot renew
And why would you save it that nginx folder?:
Please show:
nginx -T | grep -i include
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.